feat: add global settings for teams (#1391)

## Description This PR introduces global settings for teams. At the moment, it allows team admins to configure the following: * The default visibility of the documents uploaded to the team account * Whether to include the document owner (sender) details when sending emails to the recipients. ### Include Sender Details If the Sender Details setting is enabled, the emails sent by the team will include the sender's name: > "Example User" on behalf of "Example Team" has invited you to sign "document.pdf" Otherwise, the email will say: > "Example Team" has invited you to sign "document.pdf" ### Default Document Visibility This new option allows users to set the default visibility for the documents uploaded to the team account. It can have the following values: * Everyone * Manager and above * Admins only If the default document visibility isn't set, the document will be set to the role of the user who created the document: * If a user with the "User" role creates a document, the document's visibility is set to "Everyone". * Manager role -> "Manager and above" * Admin role -> "Admins only" Otherwise, if there is a default document visibility value, it uses that value. #### Gotcha To avoid issues, the `document owner` and the `recipient` can access the document irrespective of their role. For example: * If a team member with the role "Member" uploads a document and the default document visibility is "Admins", only the document owner and admins can access the document. * Similar to the other scenarios. * If an admin uploads a document and the default document visibility is "Admins", the recipient can access the document. * The admins have access to all the documents. * Managers have access to documents with the visibility set to "Everyone" and "Manager and above" * Members have access only to the documents with the visibility set to "Everyone". ## Testing Performed Tested it locally.
2025-11-22 20:51:33 +10:00 · 2024-11-08 13:50:49 +02:00
parent f6bcf921d5
commit 23a0537648
99 changed files with 4372 additions and 1037 deletions
--- a/apps/web/src/pages/api/branding/logo/team/[teamId].ts
+++ b/apps/web/src/pages/api/branding/logo/team/[teamId].ts
@ -0,0 +1,59 @@
+import type { NextApiRequest, NextApiResponse } from 'next';
+
+import sharp from 'sharp';
+
+import { getFile } from '@documenso/lib/universal/upload/get-file';
+import { prisma } from '@documenso/prisma';
+
+export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+  const teamId = Number(req.query['teamId']);
+
+  if (teamId === 0 || Number.isNaN(teamId)) {
+    return res.status(400).json({
+      status: 'error',
+      message: 'Invalid team ID',
+    });
+  }
+
+  const settings = await prisma.teamGlobalSettings.findFirst({
+    where: {
+      teamId,
+    },
+  });
+
+  if (!settings || !settings.brandingEnabled) {
+    return res.status(404).json({
+      status: 'error',
+      message: 'Not found',
+    });
+  }
+
+  if (!settings.brandingLogo) {
+    return res.status(404).json({
+      status: 'error',
+      message: 'Not found',
+    });
+  }
+
+  const file = await getFile(JSON.parse(settings.brandingLogo)).catch(() => null);
+
+  if (!file) {
+    return res.status(404).json({
+      status: 'error',
+      message: 'Not found',
+    });
+  }
+
+  const img = await sharp(file)
+    .toFormat('png', {
+      quality: 80,
+    })
+    .toBuffer();
+
+  res.setHeader('Content-Type', 'image/png');
+  res.setHeader('Content-Length', img.length);
+  // Stale while revalidate for 1 hours to 24 hours
+  res.setHeader('Cache-Control', 'public, s-maxage=3600, stale-while-revalidate=86400');
+
+  res.status(200).send(img);
+}